Cookies that track Internet users are dying out

After nearly 20 years, the era of web-based “cookies” appears headed for an end, as companies like Google, Apple and Microsoft explore new ways to track Internet users’ habits, from desktop PCs to smartphones and tablets.

And that’s causing fresh consternation among privacy advocates, as well as leaders in the $100 billion digital ad industry, while sparking new debates over who should control that user information.

Cookies are those little bits of code that track your web preferences, in part so advertisers can show you messages based on your supposed interests. They’ve long been a central part of the grand bargain in which consumers enjoy all kinds of free services — from web-based email and YouTube videos to Facebook games and other apps — in exchange for viewing online ads.

Advertisement

“The industry thrives on the ability to define and identify audiences and target those audiences with specific advertising,” said Steve Sullivan, a vice president with the Interactive Advertising Bureau, a trade group. “We need to be able to do that.”

But over the years, cookies have come under fire from privacy advocates who say their tracking is too intrusive. At the same time, advertisers say they’ve become increasingly less effective, in part because more consumers are using smartphones and other mobile devices that don’t support cookie files.

“Whether any of us likes it or not, cookies are going to disappear entirely or diminish to the point where they are not particularly useful,” said Eric Bader, chief marketing officer at the online ad agency RadiumOne.

Privacy experts warn that any new system that replaces cookies will likely let Internet businesses learn even more about individuals, especially if it tracks their habits across multiple gadgets that people use throughout the day. Chris Hoofnagle at the University of California’s Berkeley Center for Law and Technology predicted the new methods will give consumers “less privacy, because they will have less control.”

Some advertising companies, meanwhile, fear a tech giant like Google could gain unfair advantage by developing a proprietary system and then setting the rules for anyone else who wants to use it.

Google has downplayed critics’ fears, which were stoked in recent weeks by reports in USA Today and other publications that it is working on cookie alternatives.

“We believe that technological enhancements can improve users’ security while ensuring the web remains economically viable,” Google said in a statement. The company declined to discuss specifics, adding: “We and others have a number of concepts in this area, but they’re all at very early stages.”

The cookies in wide use today are small files that a browser such as Microsoft’s Explorer or Google’s Chrome picks up when visiting a website. The code in the file lets the website recall certain information on subsequent visits, such as a user’s preferred settings, or items placed in an online “shopping cart” for later purchase.

Advertisers and marketing agencies also place multiple “third-party” cookies on a website, to track which ads a computer user has seen and other sites the user visits. That’s how they show you ads for Hawaiian resorts for days after you’ve searched or clicked on travel sites.

Cookies are designed according to common technical standards, which means any company can use the technology. But advertisers increasingly view them as inefficient, since each cookie may provide only a limited peek at a user’s web preferences or habits.

“Cookies have become more fragile. People don’t trust them; browsers are blocking them. So the industry is looking for a replacement,” said Justin Brookman at the nonprofit Center for Democracy and Technology.

To date, no single technology has emerged as a likely successor. Apple now assigns an “Advertising Identifier” code to each iPhone, which lets advertisers collect information from apps or services on that device. Apple lets users reset the code to erase their history, or opt out of ads based on tracking.

Microsoft last week introduced its own “unique identifier” for advertisers to track how people use apps built on Windows. Analysts have speculated Google may be working on a similar idea.

Google and Facebook already know some things about users who browse the web while signed into their Google or Facebook accounts, although both companies have self-imposed limits on how they use that information. Ad agencies also have cookie alternatives: Bader said RadiumOne can target audiences by combining a computer’s Internet Protocol address with other data from websites.

But industry executives note Google’s Chrome web browser and Android mobile software are the most widely used in the world. Some fear Google could charge higher fees, or require advertisers to share valuable marketing data, to participate in a new tracking system.

Privacy advocates, meanwhile, worry that new methods may not be as easily blocked as cookies — although, in theory, companies could design any new system with strong or weak privacy protections, said Jonathan Mayer, a Stanford scholar who studies privacy and computer science.